Looking for Guidance on JSON Log Parser Creation

  • February 6, 2025
  • 3 replies
  • 13 views


Hi everyone,

I’m looking for a guide or best practices on creating parsers for JSON logs. If anyone has experience or resources to share, I’d appreciate your insights!

Thanks in advance.

3 replies

sudeep_singh
  • Bronze 1
  • February 6, 2025

Hi @skadav,

Can you share sample logs of the kind of JSON logs you want to parse?


mikewilusz
Staff
  • Staff
  • February 6, 2025

You may find one of my Medium posts useful: https://medium.com/@cloudymike/parsing-netflow-data-in-google-secops-2f1b0f58ea49

I walk through building a parser, from scratch, for a JSON log (Netflow in this example).

-mike


t-martin
Staff
  • Staff
  • February 6, 2025

@skadav SecOps just announced a public preview of auto-extraction for JSON logs. You may be able to utilize this feature for what you're trying to accomplish. Check out more details here:

https://cloud.google.com/chronicle/docs/event-processing/auto-extraction